Migrating Distribution Groups to Office 365, part 1

I am most of the way through a hybrid-mode migration from Exchange 2010 to Office 365. There are a few stages in a hybrid migration. During the process, your on-premises Active Directory database and Exchange directories are synced to the cloud so that mailboxes that have been migrated still appear in the on-premises directory for mailboxes that have not migrated and vice versa.

Distribution groups can be a problem in an already-complex environment:

►On-premises distribution groups can’t be managed by an online mailbox user. Although online users can see the group, be a member of it, and send email to it, membership of an on-premises group can only be edited using on-premises tools like ADUC, EAC, or EMC.
►On-premises dynamic distribution groups aren’t even visible to online mailboxes. (The online mailboxes can still be members of on-premises dynamic groups since they appear in the Exchange console as mail users.)
►Online groups, whether dynamic or not, aren’t visible to on-premises mailboxes. (You can create mail contacts in Exchange pointing to the online groups. You can do the same thing in the cloud for on-premises dynamic groups.)

Hybrid-mode is intended to be a temporary state while your migration is in progress. Most organizations will just deal with the inconveniences until all mailboxes have been synced, then they’ll rebuild their distribution groups in the cloud.

That’s where I am now.

Since I have hundreds of distribution groups, I wasn’t about to rebuild them all by hand. Of course, I could have just created the groups and told the owners of each group to re-add their members, but what kind of customer service would that be?

Enter flowcharts, Excel, and PowerShell.

I carefully thought out the logic of the migration before I did anything at all. Factors such as group nesting, hidden groups, authorized senders, etc., kept my wheels turning for several weeks before I finally settled on this process:

1. Gather data. I exported a list of all distribution groups and their properties to a csv file. Then I wrote a PowerShell script (Export_DistroGroup.ps1) to export key details to multiple csv files for each group, which I would later use to populate and configure the new online groups. I created this folder structure to accommodate the script: C:\Temp\Groups\Completed. (Details to come in part 2.)

2. Create groups in Exchange Online. I used the list I created in step 1 to create corresponding groups in Exchange Online, appending ” OL” to the name of each group to avoid conflicts. This is easy enough to do using a formula in Excel to create the PowerShell code. The formula was something like this:

="New-DistributionGroup -Name """&A2&" OL"""

Note the triple double-quotes. That’s actually a double double-quote plus a single double-quote. A double-quote mark acts as an escape character in an Excel formula, allowing you to include a literal quote mark in the output.

Assuming cell A2 contains the original group name, the formula above would produce this code that you can copy and paste into a PowerShell session connected to Exchange Online:

New-DistributionGroup -Name "My Group Name OL"

I’m sure you can figure out how to make that work in your peculiar environment.

3. Configure groups in Exchange Online. I wrote another PowerShell script (Import_DistroGroup.ps1) to configure the new online distribution groups using the CSV files exported in step 1. (Details to come in part 3.)

4. Delete on-premises groups. After verifying that I had all the data I needed to rebuild them in the cloud (or on-premises if necessary), I removed the original groups using the same Excel spreadsheet and this formula:

="Remove-DistributionGroup """&A2&""" -Confirm:$False"

Be careful. I would run through this entire process with a small set of groups first. Maybe use your internal IT department groups because there would be less public outcry if you blow those up. Unlike the last cmdlet, this one needs to be run against your local Exchange organization. Force a directory sync with the cloud before moving on.

Step 4 made my left eye twitch.

5. Rename and address online groups. I wrote a third PowerShell script (Address_DistroGroup.ps1) that renames the new online groups to the old on-premises group names and adds the email addresses extracted in step 1. (Details to come in part 4.)

Overall, this was relatively painless compared to doing it all through the GUI tools, but there are a few gotchas to watch out for.

►If an on-premises user needs to email one or more of the groups you just deleted, you might need to create a mail contact in your local Exchange organization with the external email address of your new online group and the legacyExchangeDN of the deleted group.
►Some Outlook clients might not get the updates in their Offline Address Books before a user needs to send an email to one of the new groups. You should be able to resolve most of these with an Offline Address Book update.
►For some reason I haven’t identified yet, the AcceptMessagesOnlyFromDLMembers attribute for the new groups weren’t updated properly by Import_DistroGroups.ps1. Fortunately, I had an accurate record of what it was supposed to be because of the data I exported in step 1. I’ll see if I can figure that out before I post part 3.

I cannot emphasize enough how important it is to gather sufficient data from the beginning. There’s no such thing as going overboard in this respect. If you back up your Exchange organization, make sure you have a full and valid backup before deleting anything. If you use lag copies, make sure they’re working and as up-to-date as possible. Archive any csv files containing group configuration information.

Test every step. Don’t take my word for anything.

In part 5, I’ll talk about what I did with my on-premises Dynamic Distribution Groups.